I have a project developed using CakePHP 1.3, and for testing I used the SQL Inject Me add-on (Firefox).
From the CakePHP manual, what I understood is that the save() and find() methods will automatically protect the data from SQL injection. But while running the "SQL Inject Me" test, I always get failures as the result.
For example, results:
Server Status Code: 302 Found   Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found   Tested value: '; DESC users; --
Server Status Code: 302 Found   Tested value: 1'1
I have tried with the CakePHP Sanitize methods, and then too I am getting the errors in "SQL Inject Me".
Any help?
Sample code
App::import('Sanitize'); // Sanitize is not loaded by default in CakePHP 1.3
// Strip HTML and escape the submitted User fields; 'encode' => false skips HTML-entity encoding
$this->data['User'] = Sanitize::clean($this->data['User'], array('encode' => false));
$this->User->save($this->data);
How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon
That error shows that the SQL injection has been prevented. You don't need Sanitize for SQL injection, but for XSS.
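As an added example (not part of the question or the answer, and not CakePHP code): the three tested values the scanner reported in the question, plus one classic tautology probe that is not on the page, run against a constructed SQLite users table through a string-concatenated query and a parameter-bound query. A small find_by_conditions helper mirrors how an ORM conditions array (CakePHP's find() with 'conditions') binds values while column names stay under the code's control. The table, rows, column whitelist and function names are assumptions for illustration.

```python
import sqlite3

# Constructed payloads: the three tested values that the question's scanner run
# reports, plus one classic tautology probe that is not on the page.
SCANNER_PAYLOADS = [
    "1' AND 1=(SELECT COUNT(*) FROM tablenames); --",
    "'; DESC users; --",
    "1'1",
]
BYPASS_PAYLOAD = "' OR '1'='1"

# Columns that application code is allowed to filter on (assumed whitelist).
ALLOWED_COLUMNS = {"id", "username"}


def setup_db():
    """Build an in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, username):
    """Vulnerable: the value is spliced into the SQL text, so quotes in it
    change the structure of the statement."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, username):
    """Safe: the value is bound as a parameter and can only ever be data."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def find_by_conditions(conn, conditions):
    """ORM-style conditions array (like CakePHP's find() with 'conditions'):
    column names come from code and are checked against a whitelist, values
    are always bound, never concatenated."""
    clauses, params = [], []
    for column, value in conditions.items():
        if column not in ALLOWED_COLUMNS:
            raise ValueError("unknown column: %r" % column)
        clauses.append('"%s" = ?' % column)
        params.append(value)
    sql = "SELECT id, username FROM users"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return conn.execute(sql, params).fetchall()


def probe(conn, finder, payload):
    """Send one payload through a finder and report what the database did:
    ("rows", n) when the query ran, ("error", <exception name>) otherwise.
    sqlite3.Warning is included because older CPython raises it for a second
    statement smuggled in after a ';'."""
    try:
        rows = finder(conn, payload)
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("error", type(exc).__name__)
    return ("rows", len(rows))


def compare(conn):
    """Run every payload through both finders; returns {payload: (concat, param)}."""
    report = {}
    for payload in SCANNER_PAYLOADS + [BYPASS_PAYLOAD]:
        report[payload] = (
            probe(conn, find_user_concat, payload),
            probe(conn, find_user_param, payload),
        )
    return report


if __name__ == "__main__":
    db = setup_db()
    for payload, (concat, param) in compare(db).items():
        print("%-48r concat=%-32r param=%r" % (payload, concat, param))
```

Run stand-alone, the concatenated query either errors on each of the three scanner values or, for the tautology probe, returns every row, while the bound query returns zero rows and no error for all four: the payload never leaves the data position. That is the behaviour to check directly rather than reading it off an HTTP status code, since a 302 tells you only that the application redirected. The caveat is that binding protects values only: column names, ORDER BY fields and anything passed to a raw query method are not covered by this mechanism, which is why the helper whitelists its keys.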